Menu

Our Investment in Authentic8

In 2001 I led Mobius Venture Capital’s investment in a company that was defying then-conventional wisdom in its approach to email security. Postini offered an anti-spam/anti-virus email security solution hosted in the cloud, as opposed to via on-premise software or an appliance. This was back before SaaS was even a generally recognized acronym; but what Postini was doing seemed intuitively obvious and their approach was then in the early stage of being validated by customers.

I remember from my reference calls at the time that their biggest customers at that point were Jim Beam Whiskey and a handful of law firms. This mid-size enterprise customer traction convinced us that Postini could grow substantially simply by addressing the mid-market segment, but we and the Postini team also believed they’d be able to move upmarket and eventually service Fortune 500 customers as well. Over time they eventually landed an enviable list of marquee customers like Merrill Lynch, UBS, Glaxo and Starbucks, ultimately securing over ten million enterprise email accounts. Postini continued to grow, and in 2007 the company was acquired by Google for $625m.

Today, I’m excited to announce that Foundry Group has invested in Authentic8, a direct descendant of the Postini DNA. Authentic8 is co-founded by Scott Petry (Postini’s founder) and Ramesh Rajagopal (Postini’s VP Corporate Development), and has the potential to have a similar transformational impact on a new segment of the security market.

Postini was founded to address the fact that email-borne viruses and spam were significant security threat to the enterprise and that IT departments didn’t have the necessary tools to deal with the problem. Authentic8 was created to address the dominant major threat vector in computing today: the browser, and the fact that tools don’t exist to adequately secure the user online.

The browser, the most frequently used application on most end-user computing devices, is subject to a variety of potential attacks including security flaws in the browser code itself, phishing, man-in-the-middle attacks and laundry list of other vulnerabilities.

To create a truly secure browsing environment, Authentic8 looked at the problem from a new perspective – they realized that the best way to remove browser-borne threats from a user’s computer is to remove the browser entirely.

Dubbed the Disposable Browser, the Authentic8 browser (currently based on the Firefox codebase) actually runs remotely on a virtual server in the cloud, though to the end-user it appears that the browser runs locally. Each time a user accesses Authentic8, a “fresh” browser is built from scratch in private server environment. As a result, any malicious code encountered hits Authentic8’s servers, not the end-user’s. When a browsing session is over, the server instance is trashed, leaving no trace of of a user’s personal data or browsing history behind. Finally, Authentic8 can manage a user’s login and password information, encrypting and submitting login credentials on the user’s behalf. Of course, all communication between the user and the Authentic8 service is encrypted, over their secure protocol.

All of these features add up to create a browsing environment that is dramatically more secure than the status quo, and is something we think will appeal greatly to both security-conscious end-users and enterprise CIOs.

The Authentic8 service is currently in closed-beta and will be opening up to larger group of beta users in the coming weeks. You can sign up here to be notified when access to the pre-release program becomes available.

We are looking forward to working with Scott and Ramesh and the rest of the Authentic8 team to build a great company.

This idea is not new — heard of high-interaction honeyclients? The biggest challenge is to provide real-time response while the user is waiting, esp. with JS malware detection, so claims aside I will believe it when I see it in action. If you don’t trust me ask the co-founders what I am talking about.